pornhub government shutdown spike

Pornhub/Facebook

Malware attacks Pornhub users accounts for their credentials

They want your PornHub login information to sell on the dark web for cheap.

 

Elizabeth VanMetre

Streaming

Posted on Feb 25, 2019   Updated on May 20, 2021, 6:21 pm CDT

The latest malware hackers aren’t as interested in your bank information or social security number. Now, they want your PornHub login information.

A report from antivirus company Kaspersky Lab calls this malware effort credential hunting. The report says these sort of attacks doubled in numbers in 2018, affecting over 110,000 PCs around the world. The attacks can be traced to two popular sites: Pornhub and XNXX.

According to Kaspersky Lab, the malware delivers itself as a Trojan and appears to be a porn-related file. Users click on the file and are asked to download malware disguised as a video player download or update before they can play the video for free. Then, users are taking to a website extorting them for money. 

Hackers also apparently use a technique called “black SEO,” in which they look for the most-search porn tags, then tag the malware with those terms so the website containing the malware shows up at the top of a search.

A less pernicious, but still frightening, scam appears to be phishing scams through porn sites. Users might go to websites that look like popular porn sites such as PornHub or YouPorn, which then capture user’s credentials. These sites are typically sent out through spam or phishing emails, according to Kaspersky Lab.

Alternately, a user might try to watch a porn video, then get lured to another site that appears to be a social media network. To authenticate your age and watch the video, you have to log in to the scam social network site—and that’s when hackers allegedly capture user’s credentials. Hackers can also target payment information by directing the user to a fake payment site demanding the user pay for content before viewing.

Or users might download malware disguised as a porn-related link—and with it, botnets that track a user’s activity and steal credentials.

Then it’s quick cash for online criminals—they sell user information on the dark web.

And for pretty cheap at that. The highest price for a login? Around $10. 

Securelist

Hackers are also taking spam mail to the extreme. Gone are days of mass—obviously fake—emails offering you a million dollars to help out a prince.

In 2018, sextortion scams started to make their way into people’s inboxes, and they are downright scary.

Using information purchased on the dark web, criminals allegedly threaten to release video of users watching porn, saying they have a user’s name along with the videos they’ve been watching, claiming to have recorded the whole thing and will release the proof to all of the user’s contacts. The criminals use phone numbers, usernames, or passwords obtained on the dark web to make the threats more believable—even if the user names or passwords don’t have any connection to the porn sites in question. As ransom, they apparently demand bitcoin or thousands of dollars.

Securelist

“The number of users being attacked with malware that hunts for their pornographic content credentials is on the rise and this means premium subscriptions are now a valuable asset for cybercriminals,” Kaspersky Lab writes in the report.

Kaspersky Lab courted controversy in 2017 when the U.S. government banned the use of any of its hardware or software in civilian government agencies over concerns about its ties with the Russian government’s spy apparatus. The company denied that would assist any government with cyber espionage, according to Reuters.

H/T PC Mag

Share this article
*First Published: Feb 25, 2019, 2:34 pm CST